Privacy Policy

Last Updated: February 3, 2026

1. Introduction

BookCompanionGPT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI tutoring platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, password (encrypted)
• Profile Information: Grade level, preferred subjects (optional)
• Payment Information: Processed securely through Stripe (we don't store card details)
• Chat Content: Your questions and conversations with the AI tutor

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication and functionality

3. How We Use Your Information

We use your information to:

• Provide and maintain the AI tutoring service
• Process your account registration and authentication
• Process payments and manage subscriptions
• Improve our AI tutor's responses and accuracy
• Send important service updates (not marketing, unless you opt-in)
• Prevent fraud and ensure platform security
• Comply with legal obligations

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third parties who help us operate:

• AI Service Providers: Your questions are sent to third-party AI services for responses (subject to their respective privacy policies)
• Stripe: Payment processing (they don't see your chat content)
• Hosting Providers: To store and serve the application

4.2 Legal Requirements

We may disclose information if required by law, subpoena, or to protect our rights and safety.

4.3 What We DON'T Do

• ❌ We never sell your personal information
• ❌ We don't share your chat content with third parties (except AI processing)
• ❌ We don't send spam or unsolicited marketing emails

5. Data Security

We implement industry-standard security measures:

• Passwords are encrypted using bcrypt hashing
• HTTPS/SSL encryption for all data transmission
• Secure authentication using JWT tokens
• Regular security updates and monitoring
• Limited employee access to personal data

6. Your Data Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Export: Download your chat history (Premium feature)
• Opt-Out: Unsubscribe from non-essential emails

To exercise these rights, email us at: privacy@bookcompaniongpt.com

7. Children's Privacy

Our service is designed for students of all ages. For users under 13 (or applicable age in your country), parental consent may be required. We comply with COPPA (Children's Online Privacy Protection Act) regulations.

8. Cookies and Tracking

We use cookies for:

• Essential Cookies: Required for login and core functionality
• Analytics: To understand how users interact with our platform (anonymized)

You can disable cookies in your browser, but this may limit functionality.

9. Data Retention

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Most data deleted within 30 days
• Legal Requirements: Some data may be retained longer for legal/financial compliance
• Chat History: Stored indefinitely unless you request deletion

10. International Users

Our servers may be located in different countries. By using our service, you consent to the transfer of your information to countries that may have different data protection laws.

11. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes via email or platform notice. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or concerns:

• Email: privacy@bookcompaniongpt.com
• Support: support@bookcompaniongpt.com

13. GDPR Compliance (EU Users)

If you're in the European Union, you have additional rights under GDPR:

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with supervisory authority

---

This Privacy Policy is effective as of February 3, 2026.